By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

and steal credentials.

SearchSecurity.com:

To get security news and tips delivered to your inbox,
click here to sign up for our free newsletter.

Researchers at security vendor Trusteer Inc. issued an advisory warning that the Silon Trojan can detect when a user initiates a Web login session in Internet Explorer. It intercepts the login session, encrypts the data and sends it to a command-and-control server where it is collected with credentials from other victims.

In a more sophisticated attack, the Trojan targets people logging into their online bank accounts. New York, N.Y.-based Trusteer said Silon can inject sophisticated dynamic HTML code into the login flow between the user and their bank's Web server. The method involves using a webpage displaying a phony message asking the victim to verify their login details. If the victim complies with the request, the login credentials are sent to the command-and-control server, said Amit Klein, chief technology officer of Trusteer.

Even more troubling is Silon's method of taking advantage of hardware tokens to add cybercriminals as new payees to bank accounts. The malware uses code that can steal bank hardware token challenge code credentials. It generates a webpage to lure the user into giving up the challenge code. The fraudsters can then use the credentials to bypass the hardware token challenge and set up a mule account that allows them broad access to transfer funds, Klein said.

"I'm most worried by the level of sophistication that is exhibited in this malware," Klein said. "They employ some counting techniques combining a bit of social engineering with careful and well executed flood attacks on banks."

Hardware tokens are popular at some European banks, but several financial institutions in the United States use hardware tokens, Klein said. Although Silon represents a tiny fraction of all malware, the Trusteer research team detected it in late September in honeypots located in North America and Europe. Klein estimates that 1 in 1,000 PCs are infected.

It's unclear how machines are being infected by Silon. Klein suspects it could be something as mundane as an infected USB drive or any kind of spam campaign.

Trusteer is working with law enforcement to trace the communication lines back to the command-and-control servers. Klein declined to comment on the location of the servers and said researchers have not had access to them to determine the extent of the malware's success.

"It's pretty new malware and we suspect that not all antivirus vendors have started to detect it," Klein said. "Financial malware is somewhat more difficult to detect because it tries to hide itself and not make any unnecessary modifications or give up telltale signs of its existence, because that would undermine its longevity and effectiveness."

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy